Attackers in cyberspace seem overwhelming, but they are not superhuman. Attackers also have a budget, a boss, an objective, and their own "risk model" of behavior. Our goal is not to create a perfect defense, but instead to dynamically manage defenses that: force the attacker into less space; and allow the defender to deal with them earlier in time. At its heart, cyberdefense is a decision-making, risk-managing machine, fueled by information.
Narrowing attack opportunities through prevention, threat intelligence, automation, interrupting attacker life-cycle, rapid detection and effective response – these are all crucial defensive actions that need to be seen as part of a holistic cyberdefense machine that manages space and time to defensive advantage. In this talk, we will discuss various models and the dynamics of cyberdefense, and set the stage for the role of automation and orchestration to empower this machinery.